VPN Client connected but no ping nor access to private network

Answered Question
Oct 19th, 2008

Hi,

I have a 1802w installed, a VPN client which can connect to the router and a connected L2L connection, which works fine.

On the router I see that the client is connected, but no traffic is passing. In sh crypto ipsec, I see that traffic is decrypted, but no packets are encrypted.

Can anybody point me in the right direction? Attached I have the confs and debugs. Thanks for help in advance.

Erich

ajagadee Sun, 10/19/2008 - 13:10

Hello Erich,

Can you attach the configuration and debugs? I don't see them attached to the post.

Regards,

Arul

ezy Sun, 10/19/2008 - 19:36

Hi,

Attached the debugs and confs.

Erich

Correct Answer
ajagadee Mon, 10/20/2008 - 06:38

Erich,

Looking at your configuration, a couple of things:

1. Is this the current running configuration? I see your L2L Tunnel is configured with a match address of 101 but I do not see an ACL 101 defined on the router.

2. Your Split Tunnel needs to be reconfigured. Meaning, the source and destination need to be swapped.

    ip access-list extended SplitList
     permit ip 192.168.2.0 0.0.0.255 192.168.111.0 0.0.0.255

Split Tunneling

http://www.cisco.com/en/US/tech/tk59/technologies_configuration_example09186a00800a393b.shtml#con4

Also, the pool of IP Addresses that you are assigning to the clients, make sure they are not part of a LAN on your side. If so, then you could run into routing issues.

Regards,

Arul

** Please rate all helpful posts **
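
The two checks from the answer above (split-list direction, and client pool not overlapping the LAN), as an added example that is not part of the original thread. It assumes 192.168.2.0/24 is the LAN behind the router and 192.168.111.0/24 is the client pool; the "reversed" ACL is constructed, since the original configuration is not shown on the page.

```python
import ipaddress
import re

# Matches the four-field form used in the thread: permit ip <src> <wc> <dst> <wc>
ACE = re.compile(r"^\s*permit\s+ip\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")

def wildcard_net(addr, wildcard):
    """Turn an IOS address/wildcard pair into an IPv4Network."""
    inverted = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    mask = ipaddress.IPv4Address(inverted)
    # Raises ValueError for non-contiguous wildcards.
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def check_split_acl(acl_lines, lan, pool):
    """Return a list of findings for a split-tunnel ACL (empty list = no findings)."""
    lan = ipaddress.ip_network(lan)
    pool = ipaddress.ip_network(pool)
    findings = []
    if lan.overlaps(pool):
        findings.append(f"client pool {pool} overlaps LAN {lan}: expect routing issues")
    for line in acl_lines:
        m = ACE.match(line)
        if not m:
            continue  # ACL header, remarks and other entry forms are ignored here
        src = wildcard_net(m.group(1), m.group(2))
        dst = wildcard_net(m.group(3), m.group(4))
        if src.overlaps(pool) and dst.overlaps(lan):
            findings.append(f"reversed entry, swap source and destination: {line.strip()}")
        elif not src.overlaps(lan):
            findings.append(f"source {src} is not the protected LAN {lan}: {line.strip()}")
    return findings

# Assumed roles: 192.168.2.0/24 is the LAN, 192.168.111.0/24 the client pool.
LAN, POOL = "192.168.2.0/24", "192.168.111.0/24"
FIXED = ["ip access-list extended SplitList",
         " permit ip 192.168.2.0 0.0.0.255 192.168.111.0 0.0.0.255"]
# Constructed "before" state: the same entry with source and destination mixed up.
REVERSED = ["ip access-list extended SplitList",
            " permit ip 192.168.111.0 0.0.0.255 192.168.2.0 0.0.0.255"]

if __name__ == "__main__":
    for name, acl in (("fixed", FIXED), ("reversed", REVERSED)):
        print(name, check_split_acl(acl, LAN, POOL) or "ok")
```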

ezy Mon, 10/20/2008 - 20:25

Hi Arul,

Thanks a lot. It was the split tunnel, I mixed it up somehow.

Regards

Erich
